diff options
author | Ingela Anderton Andin <[email protected]> | 2014-12-02 09:35:24 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2014-12-02 09:35:24 +0100 |
commit | c86fc9abbef7d2af2b7e69a5dfc3c1749a411948 (patch) | |
tree | 1bb2822e07e4d37fe490f9d6ae3d97426b2706c4 /lib/ssl/src | |
parent | f29c64d43654e7c484fdf3e456ebc3d3efd7792c (diff) | |
parent | d9def0c852dfd5a3d10743cbed877cabe653d63a (diff) | |
download | otp-c86fc9abbef7d2af2b7e69a5dfc3c1749a411948.tar.gz otp-c86fc9abbef7d2af2b7e69a5dfc3c1749a411948.tar.bz2 otp-c86fc9abbef7d2af2b7e69a5dfc3c1749a411948.zip |
Merge branch 'ia/ssl/dialyzer/OTP-12341' into maint
* ia/ssl/dialyzer/OTP-12341:
ssl: Prepare for release
ssl: Change code to reflect that state data may be secret
Diffstat (limited to 'lib/ssl/src')
-rw-r--r-- | lib/ssl/src/ssl.appup.src | 12 | ||||
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 38 | ||||
-rw-r--r-- | lib/ssl/src/ssl_connection.hrl | 24 | ||||
-rw-r--r-- | lib/ssl/src/ssl_internal.hrl | 17 |
4 files changed, 41 insertions, 50 deletions
diff --git a/lib/ssl/src/ssl.appup.src b/lib/ssl/src/ssl.appup.src index 9d692379b4..b713f86c1e 100644 --- a/lib/ssl/src/ssl.appup.src +++ b/lib/ssl/src/ssl.appup.src @@ -1,24 +1,12 @@ %% -*- erlang -*- {"%VSN%", [ - {"5.3.6", [{load_module, ssl_handshake, soft_purge, soft_purge, [ssl_connection]}]}, - {"5.3.5", [{load_module, ssl, soft_purge, soft_purge, [ssl_connection]}, - {load_module, ssl_handshake, soft_purge, soft_purge, [ssl_certificate]}, - {load_module, ssl_certificate, soft_purge, soft_purge, []}, - {load_module, ssl_connection, soft_purge, soft_purge, [tls_connection]}, - {update, tls_connection, {advanced, {up, "5.3.5", "5.3.6"}}, [ssl_handshake]}]}, {<<"5\\.3\\.[1-4]($|\\..*)">>, [{restart_application, ssl}]}, {<<"5\\.[0-2]($|\\..*)">>, [{restart_application, ssl}]}, {<<"4\\..*">>, [{restart_application, ssl}]}, {<<"3\\..*">>, [{restart_application, ssl}]} ], [ - {"5.3.6", [{load_module, ssl_handshake, soft_purge, soft_purge, [ssl_connection]}]}, - {"5.3.5", [{load_module, ssl, soft_purge, soft_purge,[ssl_certificate]}, - {load_module, ssl_handshake, soft_purge, soft_purge,[ssl_certificate]}, - {load_module, ssl_certificate, soft_purge, soft_purge,[]}, - {load_module, ssl_connection, soft_purge, soft_purge,[tls_connection]}, - {update, tls_connection, {advanced, {down, "5.3.6", "5.3.5"}}, [ssl_handshake]}]}, {<<"5\\.3\\.[1-4]($|\\..*)">>, [{restart_application, ssl}]}, {<<"5\\.[0-2]($|\\..*)">>, [{restart_application, ssl}]}, {<<"4\\..*">>, [{restart_application, ssl}]}, diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 8ff9913cee..b6059eac58 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -937,27 +937,27 @@ terminate(_Reason, _StateName, #state{transport_cb = Transport, Transport:close(Socket). format_status(normal, [_, State]) -> - [{data, [{"StateData", State}]}]; + [{data, [{"StateData", State}]}]; format_status(terminate, [_, State]) -> SslOptions = (State#state.ssl_options), - NewOptions = SslOptions#ssl_options{password = "***", - cert = "***", - cacerts = "***", - key = "***", - dh = "***", - psk_identity = "***", - srp_identity = "***"}, - [{data, [{"StateData", State#state{connection_states = "***", - protocol_buffers = "***", - user_data_buffer = "***", - tls_handshake_history = "***", - session = "***", - private_key = "***", - diffie_hellman_params = "***", - diffie_hellman_keys = "***", - srp_params = "***", - srp_keys = "***", - premaster_secret = "***", + NewOptions = SslOptions#ssl_options{password = ?SECRET_PRINTOUT, + cert = ?SECRET_PRINTOUT, + cacerts = ?SECRET_PRINTOUT, + key = ?SECRET_PRINTOUT, + dh = ?SECRET_PRINTOUT, + psk_identity = ?SECRET_PRINTOUT, + srp_identity = ?SECRET_PRINTOUT}, + [{data, [{"StateData", State#state{connection_states = ?SECRET_PRINTOUT, + protocol_buffers = ?SECRET_PRINTOUT, + user_data_buffer = ?SECRET_PRINTOUT, + tls_handshake_history = ?SECRET_PRINTOUT, + session = ?SECRET_PRINTOUT, + private_key = ?SECRET_PRINTOUT, + diffie_hellman_params = ?SECRET_PRINTOUT, + diffie_hellman_keys = ?SECRET_PRINTOUT, + srp_params = ?SECRET_PRINTOUT, + srp_keys = ?SECRET_PRINTOUT, + premaster_secret = ?SECRET_PRINTOUT, ssl_options = NewOptions }}]}]. %%-------------------------------------------------------------------- diff --git a/lib/ssl/src/ssl_connection.hrl b/lib/ssl/src/ssl_connection.hrl index c544a0591f..b9a1ef3a84 100644 --- a/lib/ssl/src/ssl_connection.hrl +++ b/lib/ssl/src/ssl_connection.hrl @@ -46,11 +46,11 @@ socket :: port(), ssl_options :: #ssl_options{}, socket_options :: #socket_options{}, - connection_states :: #connection_states{}, - protocol_buffers :: term(), %% #protocol_buffers{} from tls_record.hrl or dtls_recor.hrl - tls_handshake_history :: ssl_handshake:ssl_handshake_history(), + connection_states :: #connection_states{} | secret_printout(), + protocol_buffers :: term() | secret_printout() , %% #protocol_buffers{} from tls_record.hrl or dtls_recor.hrl + tls_handshake_history :: ssl_handshake:ssl_handshake_history() | secret_printout(), cert_db :: reference(), - session :: #session{}, + session :: #session{} | secret_printout(), session_cache :: db_handle(), session_cache_cb :: atom(), negotiated_version :: ssl_record:ssl_version(), @@ -58,18 +58,18 @@ key_algorithm :: ssl_cipher:key_algo(), hashsign_algorithm = {undefined, undefined}, cert_hashsign_algorithm, - public_key_info ::ssl_handshake:public_key_info(), - private_key ::public_key:private_key(), - diffie_hellman_params, % PKIX: #'DHParameter'{} relevant for server side - diffie_hellman_keys, % {PublicKey, PrivateKey} + public_key_info :: ssl_handshake:public_key_info(), + private_key :: public_key:private_key() | secret_printout(), + diffie_hellman_params:: #'DHParameter'{} | undefined | secret_printout(), + diffie_hellman_keys :: {PublicKey :: binary(), PrivateKey :: binary()} | #'ECPrivateKey'{} | undefined | secret_printout(), psk_identity :: binary(), % server psk identity hint - srp_params :: #srp_user{}, - srp_keys ::{PublicKey :: binary(), PrivateKey :: binary()}, - premaster_secret :: binary(), + srp_params :: #srp_user{} | secret_printout(), + srp_keys ::{PublicKey :: binary(), PrivateKey :: binary()} | secret_printout(), + premaster_secret :: binary() | secret_printout() , file_ref_db :: db_handle(), cert_db_ref :: certdb_ref(), bytes_to_read :: undefined | integer(), %% bytes to read in passive mode - user_data_buffer :: undefined | binary(), + user_data_buffer :: undefined | binary() | secret_printout(), renegotiation :: undefined | {boolean(), From::term() | internal | peer}, start_or_recv_from :: term(), timer :: undefined | reference(), % start_or_recive_timer diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl index 85724de4bd..75efb64e3f 100644 --- a/lib/ssl/src/ssl_internal.hrl +++ b/lib/ssl/src/ssl_internal.hrl @@ -24,6 +24,8 @@ -include_lib("public_key/include/public_key.hrl"). +-define(SECRET_PRINTOUT, "***"). + -type reason() :: term(). -type reply() :: term(). -type msg() :: term(). @@ -36,6 +38,7 @@ -type issuer() :: tuple(). -type serialnumber() :: integer(). -type cert_key() :: {reference(), integer(), issuer()}. +-type secret_printout() :: list(). %% basic binary constructors -define(BOOLEAN(X), X:8/unsigned-big-integer). @@ -81,16 +84,16 @@ validate_extensions_fun, depth :: integer(), certfile :: binary(), - cert :: public_key:der_encoded(), + cert :: public_key:der_encoded() | secret_printout(), keyfile :: binary(), - key :: {'RSAPrivateKey' | 'DSAPrivateKey' | 'ECPrivateKey' | 'PrivateKeyInfo', public_key:der_encoded()}, - password :: string(), - cacerts :: [public_key:der_encoded()], + key :: {'RSAPrivateKey' | 'DSAPrivateKey' | 'ECPrivateKey' | 'PrivateKeyInfo', public_key:der_encoded()} | secret_printout(), + password :: string() | secret_printout(), + cacerts :: [public_key:der_encoded()] | secret_printout(), cacertfile :: binary(), - dh :: public_key:der_encoded(), - dhfile :: binary(), + dh :: public_key:der_encoded() | secret_printout(), + dhfile :: binary() | secret_printout(), user_lookup_fun, % server option, fun to lookup the user - psk_identity :: binary(), + psk_identity :: binary() | secret_printout() , srp_identity, % client option {User, Password} ciphers, % %% Local policy for the server if it want's to reuse the session |